Multiple flaws were found in the way pcre handles certain malformed regularexpressions. If an application linked against pcre, such as Konqueror,parses a malicious regular expression, it may be possible to run arbitrarycode as the user running the application. (CVE-2007-1659, CVE-2007-1660)

Users of pcre are advised to upgrade to these updated packages, whichcontain backported patches to correct these issues.

Red Hat would like to thank Tavis Ormandy and Will Drewry for properlydisclosing these issues.

4. Solution:

Before applying this update, make sure that all previously-releasederrata relevant to your system have been applied.